package com.mh.study.springcloud.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.jwt.crypto.sign.MacSigner;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/**
 * @author meng.han
 * @since 2022-04-11
 */
@Configuration
@EnableResourceServer
@EnableWebSecurity
public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {

    private static final String SIGN_KEY = "MH123";

    private final MhAccessTokenConverter mhAccessTokenConverter;

    @Autowired
    public ResourceServerConfigurer(MhAccessTokenConverter mhAccessTokenConverter) {
        this.mhAccessTokenConverter = mhAccessTokenConverter;
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
//        resources.resourceId("autodeliver");
//        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
//        remoteTokenServices.setClientId("client_mh");
//        remoteTokenServices.setClientSecret("abcxyz");
//        remoteTokenServices.setCheckTokenEndpointUrl("http://localhost:9999/oauth/check_token");
//        resources.tokenServices(remoteTokenServices);

        resources.resourceId("autodeliver")
                .tokenStore(tokenStore())
                .stateless(true);
    }

    private TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }


    private JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey(SIGN_KEY);
        jwtAccessTokenConverter.setVerifier(new MacSigner(SIGN_KEY));
        jwtAccessTokenConverter.setAccessTokenConverter(mhAccessTokenConverter);
        return jwtAccessTokenConverter;
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.sessionManagement()
                // session创建策略
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .and()
                .authorizeRequests()
                // auto-delivery为前缀的请求需要认证
                .antMatchers("/auto-delivery/**").authenticated()
                // demo为前缀的请求需要认证
                .antMatchers("/demo/**").authenticated()
                // 其它请求不认证
                .anyRequest().permitAll();

    }

}
